Predictable Random Number Generation Vulnerability in RuletkaIo Ethereum Gambling Smart Contract

Predictable Random Number Generation Vulnerability in RuletkaIo Ethereum Gambling Smart Contract

CVE-2018-17968 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.

Learn more about our Blockchain Pen Testing.